Vulnerability CVE-2020-11656 - CERT Civis.Net

Vulnerability Name:

CVE-2020-11656 (CCN-180285)

Assigned:

2020-04-09

Published:

2020-04-09

Updated:

2022-04-08

Summary:

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2020-11656

Source: CONFIRM
Type: Patch, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Source: XF
Type: UNKNOWN
sqlite-cve202011656-info-disc(180285)

Source: FREEBSD
Type: Third Party Advisory
FreeBSD-SA-20:22

Source: GENTOO
Type: Third Party Advisory
GLSA-202007-26

Source: CCN
Type: NetApp Advisory Number NTAP-20200416-0001
April 2020 SQLite Vulnerabilities in NetApp Products

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20200416-0001/

Source: CCN
Type: IBM Security Bulletin 6211992 (PowerAI)
A security vulnerability has been identified in SQLite shipped with IBM Watson Machine Learning Community Edition (WMLCE)

Source: CCN
Type: IBM Security Bulletin 6245634 (Tivoli Composite Application Manager for Applications)
Addressing the Sqlite Vulnerability CVE-2020-11656, CVE-2020-11655

Source: CCN
Type: IBM Security Bulletin 6258179 (Cloud Application Performance Management)
A vulneraqbility in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2020-11655, CVE-2020-11656)

Source: CCN
Type: IBM Security Bulletin 6403862 (MaaS360 Cloud Extender)
IBM MaaS360 Cloud Extender has security vulnerabilities (CVE-2020-1155, CVE-2020-1156)

Source: CCN
Type: IBM Security Bulletin 6410788 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6590981 (QRadar Data Synchronization App)
IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html

Source: CCN
Type: Oracle CPUJul2020
Oracle Critical Patch Update Advisory - July 2020

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html

Source: CCN
Type: SQLite Web site
Fix a case when a pointer might be used after being freed in the ALTER TABLE code.

Source: MISC
Type: Patch, Vendor Advisory
https://www.sqlite.org/src/info/d09f8c3621d5f7f8

Source: CONFIRM
Type: Release Notes, Third Party Advisory
https://www.tenable.com/security/tns-2021-14

Source: MISC
Type: Patch, Vendor Advisory
https://www3.sqlite.org/cgi/src/info/b64674919f673602

Vulnerable Configuration:

Configuration 1:

cpe:/a:sqlite:sqlite:*:*:*:*:*:*:*:* (Version <= 3.31.1)

Configuration 2:

cpe:/a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.0.3)

OR cpe:/a:oracle:communications_network_charging_and_control:12.0.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 8.0.0 and <= 8.0.22)

OR cpe:/a:oracle:mysql_workbench:*:*:*:*:*:*:*:* (Version <= 8.0.22)

OR cpe:/a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

OR cpe:/o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* (Version < 1.0.1.1)

Configuration 5:

cpe:/a:tenable:tenable.sc:*:*:*:*:*:*:*:* (Version <= 5.19.0)

Configuration CCN 1:

cpe:/a:sqlite:sqlite:3.31.1:*:*:*:*:*:*:*

OR cpe:/a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

AND

cpe:/a:ibm:cloud_application_performance_management:8.1.4:*:*:*:*:advanced_private:*:*

OR cpe:/a:ibm:data_risk_manager:2.0.6:*:*:*:*:*:*:*

Denotes that component is vulnerable